Claim your exclusive startup discount now!
The responsible party within the meaning of the General Data Protection Regulation (hereinafter “GDPR”) and other national data protection laws of the member states, as well as other data protection regulations is:
SB Startbereit GmbH
Monika Andronova
Bleibtreustrasse 38/39
10623 Berlin
www.start-bereit.com
We collect and use personal data of our users primarily only to the extent necessary for providing the functionality of our website as well as our content and services. The collection and use of personal data of our users generally occurs only with the user’s consent.
An exception applies in cases where obtaining prior consent is not possible for factual reasons, and the processing of the data is permitted by legal regulations.
The legal basis for the processing of personal data after obtaining the consent of the data subject is Article 6(1)(a) of the GDPR. For the processing of personal data necessary for the performance of a contract or for the execution of pre-contractual measures, the legal basis is Article 6(1)(b) of the GDPR. When processing personal data to fulfill a legal obligation, the legal basis is Article 6(1)© of the GDPR. In cases where the processing of personal data is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party, and these interests outweigh the interests of the data subject, taking into account the fundamental rights and freedoms of the data subject, Article 6(1)(f) of the GDPR is the legal basis for processing the data.
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. However, data may be stored if this is required by a legal provision for the processing of the data. In this case, the data will be blocked or deleted once the legally prescribed retention period expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
When you access our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called Log file. The following information is collected without your intervention and stored until automated deletion. These include: IP address of the requesting computer, date, and time of access, name, and URL of the retrieved file, website from which access is made (Referrer-URL), browser used, and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the purposes of ensuring a smooth connection to the website, ensuring a comfortable use of our website, evaluating system security and stability, as well as for other administrative purposes.
The legal basis for data processing is Article 6(1) sentence 1 lit. f of the GDPR. Our legitimate interest arises from the purposes listed above for data collection. In no case do we use the collected data to draw conclusions about your person.
We process our customers’ data as part of the ordering process in our online shop to enable them to select and order the chosen products and services, as well as to facilitate their payment, delivery, and/or execution.
The processed data includes master data, communication data, contract data, payment data, and the individuals affected by the processing include our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contractual services as part of the operation of an online shop, billing, delivery, and customer service. In this context, we use session cookies to store the shopping cart contents and persistent cookies to store the login status.
The processing is carried out based on Article 6(1)(b) (performance of ordering processes) and © (legally required archiving) of the GDPR. The information marked as required is necessary for the establishment and fulfillment of the contract. We disclose the data to third parties only within the scope of delivery, payment, or in accordance with legal permissions and obligations to legal advisors and authorities. Data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g., at the customer’s request for delivery or payment).
Users can optionally create a user account, through which they can view their orders, among other things. During the registration process, the required mandatory fields are provided to the users. User accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data related to the user account will be deleted, unless its retention is required for commercial or tax reasons in accordance with Article 6(1)© of the GDPR. Information in the customer account remains until its deletion, followed by archiving in the event of a legal obligation. It is the users’ responsibility to back up their data before the contract ends, in case of cancellation.
As part of the registration process, re-logins, and the use of our online services, we store the IP address and the time of each user action. The storage is based on our legitimate interests, as well as the user’s interest in protection against misuse and other unauthorized use. These data are generally not disclosed to third parties, unless it is necessary to assert our claims or there is a legal obligation to do so according to Article 6(1)© of the GDPR.
The deletion takes place after the expiration of statutory warranty and similar obligations. The necessity of retaining the data is reviewed every three years; in the case of legal archiving obligations, deletion occurs after their expiration (end of commercial (6 years) and tax (10 years) retention obligations).
Our website includes a contact form that can be used for electronic communication. The plugin used for this is called WPForms and is implemented in compliance with the GDPR. If a user takes advantage of this option, the data entered into the contact form, as well as the IP address, date, and time, are transmitted to us and stored. Your consent is obtained during the submission process for the processing of the data, and reference is made to this privacy policy. The legal basis for data processing in this case is Article 6(1)(a) of the GDPR.
Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored. No data is shared with third parties in this context. The legal basis for processing this data is Article 6(1)(f) of the GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.
The data processing for the purpose of contacting us is carried out in accordance with Article 6(1) sentence 1 lit. a of the GDPR based on your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.
You have the option to register on our website or in our app by providing personal data. The personal data transmitted to us is determined by the respective input form used for registration. The personal data you enter will be processed exclusively for internal use for our own purposes. We may instruct the transfer of data to one or more processors who will also use your personal data exclusively for internal purposes that are attributable to us.
In addition, the IP address assigned to the data subject by the internet service provider (ISP), as well as the date and time of registration, are stored. The storage of this data is necessary in order to prevent the misuse of our services, and in case of need, to help clarify any committed criminal offenses. Therefore, the storage of this data is necessary for security purposes. This data will generally not be disclosed to third parties unless there is a legal obligation to do so or the disclosure serves law enforcement.
Your registration, with the voluntary provision of personal data, is intended to offer you content or services that, due to their nature, can only be made available to registered users. Registered individuals have the option to modify the personal data provided during registration at any time or to have it completely deleted from our database.
We provide each data subject with information upon request at any time regarding which personal data about the data subject is stored. Furthermore, we will correct or delete personal data upon the request or notice of the data subject, as long as there are no legal retention obligations preventing this.
We offer you the opportunity to subscribe to our newsletter on our website. With this newsletter, we provide regular updates about our offers. To receive our newsletter, you need a valid email address. The email address you provide will be verified to ensure that you are indeed the owner of the provided email address or that the owner of the email address has authorized the receipt of the newsletter.
By subscribing to our newsletter, we will store your IP address, along with the date and time of your subscription. This is to protect us in case a third party misuses your email address and subscribes to our newsletter without your knowledge. No further data will be collected by us. The data collected in this way will be used exclusively for sending our newsletter. There will be no transfer of this data to third parties. Additionally, the collected data will not be matched with data that may be collected through other components of our site. You can unsubscribe from this newsletter at any time. Details on how to do so can be found in the confirmation email and in each individual newsletter.
Our newsletters contain what’s known as tracking pixels. A tracking pixel is a small graphic embedded in emails sent in HTML format, enabling log file recording and log file analysis. This allows for statistical evaluation of the success or failure of online marketing campaigns. Through the embedded tracking pixel, we can determine if and when an email was opened by a data subject and which links in the email were clicked by the data subject.
Personal data collected through the tracking pixels in the newsletters is stored and analyzed by us to optimize the newsletter distribution and better tailor the content of future newsletters to the interests of the data subject. This personal data is not shared with third parties. Data subjects are always entitled to withdraw their separate consent, given through the double opt-in process, at any time. After withdrawal, this personal data will be deleted by the data controller. We always consider unsubscribing from our newsletter as a withdrawal of consent.
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only disclose your personal data to third parties if you have explicitly given your consent in accordance with Article 6(1) sentence 1 lit. a of the GDPR, or if it is necessary for the fulfillment of contractual obligations, if the disclosure is required in accordance with Article 6(1) sentence 1 lit. f of the GDPR for the assertion, exercise, or defense of legal claims, and there is no reason to believe that you have a predominant legitimate interest in not disclosing your data, in the event that a legal obligation exists for the disclosure in accordance with Article 6(1) sentence 1 lit. c of the GDPR, or if it is legally permissible and necessary for the processing of contractual relationships with you in accordance with Article 6(1) sentence 1 lit. b of the GDPR.
We use cookies for the operation of our website to make it more user-friendly. Some elements of our website require that the requesting browser can be identified even after a page change.
Cookies are small files that enable the storage of specific device-related information on the user’s access device (PC, smartphone, etc.). They serve to improve the user-friendliness of websites and thus benefit the users (e.g., storing login data). Additionally, they are used to collect statistical data on website usage and allow for analysis to improve the service offered. Users can influence the use of cookies. Most browsers offer an option to limit or completely prevent the storage of cookies. However, it is important to note that the use of the website and, in particular, the user experience may be restricted without cookies.
The data collected in this way from users are pseudonymized through technical measures. As a result, it is no longer possible to associate the data with the requesting user. The data are not stored together with other personal data of the users.
The legal basis for the processing of personal data using cookies is Article 6(1) lit. f GDPR. The legal basis for the processing of personal data using technically necessary cookies is Article 6(1) lit. f GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is, if the user has given consent, Article 6(1) lit. a GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The use of analytical cookies is intended to improve the quality of our website and its content. Through the analytical cookies, we learn how the website is used and how we can continuously optimize our services.
These purposes also constitute our legitimate interest in processing personal data according to Article 6(1) lit. f GDPR.
We have integrated content, services, and offerings from other providers on our website. Although we strive to use only third-party providers that require the IP address solely to deliver content, we have no control over whether the IP address is stored. This process is used, among other things, for statistical purposes. Should we become aware that the IP address is being stored, we will inform our users accordingly.
The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data regarding the behavior of visitors to websites. A web analytics service collects data, among other things, about which website a data subject came from (so-called referrers), which subpages of the website were accessed, how often, and for how long a subpage was viewed. Web analytics is primarily used for optimizing a website and conducting a cost-benefit analysis of online advertising.
The operator company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The data controller uses the “_gat._anonymizeIp” add-on for web analysis via Google Analytics. Through this add-on, the IP address of the affected person’s internet connection is shortened and anonymized by Google when accessing our website from a member state of the European Union or another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the data and information collected, among other things, to evaluate the usage of our website, to compile online reports for us that highlight the activities on our website, and to provide other services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the affected person. The concept of cookies has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website, operated by the data controller and on which a Google Analytics component has been integrated, is accessed, the internet browser on the information technology system of the affected person is automatically prompted by the respective Google Analytics component to send data for the purpose of online analysis to Google. As part of this technical procedure, Google gains knowledge of personal data, such as the IP address of the affected person, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently enable commission billing. Through the use of the cookie, personal information, such as the access time, the location from which access occurred, and the frequency of visits to our website by the affected person, is stored. Each time our website is visited, this personal data, including the IP address of the internet connection used by the affected person, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share these personal data collected through the technical procedure with third parties.
The data subject can prevent the setting of cookies by our website at any time by adjusting the settings of the browser being used, thereby permanently objecting to the setting of cookies. Such a setting of the browser would also prevent Google from setting a cookie on the data subject’s information technology system. Furthermore, any cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics related to the use of this website, as well as the processing of this data by Google, and to prevent such data collection. To do this, the data subject must download and install a browser add-on via the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding visits to websites may be transmitted to Google Analytics. The installation of the browser add-on will be considered by Google as an objection. If the data subject’s IT system is deleted, formatted, or reinstalled at a later time, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, the add-on can be reinstalled or reactivated.
We also use the remarketing or “Similar Audiences” function of Google Ads on our website. This feature allows us to present targeted, interest-based advertisements to visitors of our website when they browse other websites within the Google Display Network. To achieve this, user interactions on our website are analyzed, such as which offers the user showed interest in. This enables us to display relevant advertisements to users on other websites as well.
Google uses cookies for this purpose, which allow for an analysis of user behavior on our website. These cookies enable Google to recognize when a user has visited our website and subsequently accesses other sites within the Google Display Network. According to Google, no personal data is stored in this process. If you do not wish to use the remarketing function, you can disable it at any time by adjusting the settings at: https://adssettings.google.com
Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.
You can find more information about Google Remarketing and Google’s privacy policy at https://policies.google.com/privacy.
Further information and the applicable privacy policies of Google can be accessed at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/de_de/analytics/.
The data controller has integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to place ads both in Google’s search engine results and within the Google advertising network. Google AdWords enables advertisers to define specific keywords in advance, ensuring that an ad appears in Google’s search results only when a user retrieves a keyword-relevant search result. In the Google advertising network, ads are distributed across topic-relevant websites using an automated algorithm that takes the predefined keywords into account.
The operating company of Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of Google AdWords is to promote our website by displaying interest-based advertisements on third-party websites and in the search engine results of Google, as well as displaying third-party advertisements on our website.
If a data subject reaches our website via a Google ad, Google places a so-called conversion cookie on the data subject’s IT system. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. As long as the cookie has not expired, it tracks whether certain subpages—such as the shopping cart of an online store—have been accessed on our website. The conversion cookie allows both us and Google to determine whether a data subject who arrived at our website via an AdWords ad has completed a transaction, such as making a purchase or abandoning it.
The data and information collected through the use of the conversion cookie are used by Google to generate visitor statistics for our website. We, in turn, use these visitor statistics to determine the total number of users who were referred to us via AdWords ads, allowing us to assess the success or failure of each AdWords ad and to optimize our AdWords campaigns for the future. Neither our company nor other Google AdWords advertisers receive any information from Google that could identify the data subject.
The conversion cookie stores personal information, such as the web pages visited by the data subject. With each visit to our website, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States. Google may share these personal data collected through this technical process with third parties.
The data subject can prevent cookies from being set by our website at any time, as previously described, by adjusting the settings of the internet browser used and thus permanently objecting to the setting of cookies. Such a setting in the internet browser would also prevent Google from placing a conversion cookie on the data subject’s IT system. Additionally, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the data subject must access the link www.google.de/settings/ads from the respective internet browser they use and adjust the desired settings there.
Further information and the applicable privacy policies of Google can be accessed at https://www.google.de/intl/de/policies/privacy/.
We have integrated Google Tag Manager on our website. With Google Tag Manager, marketers can manage website tags via a user interface. However, the Tag Manager itself, which deploys the tags, works without cookies and does not collect any personal data. The Tag Manager merely triggers other tags, which in turn may collect data. Relevant explanations for these third-party providers can be found in this privacy policy. However, Google Tag Manager does not use this data. If you have set or otherwise made adjustments to disable cookies, these settings will be respected for all tracking tags deployed using Google Tag Manager. The tool does not alter your cookie settings.
Google may ask for your permission to share some product data (e.g., your account information) with other Google products to enable certain features, such as simplifying the addition of new conversion tracking tags for AdWords. Additionally, Google developers periodically review product usage information to further optimize the product. However, Google will never share this type of data with other Google products without your consent.
Further information can be found in Google’s terms of use at https://www.google.com/intl/de/tagmanager/use-policy.html and in Google’s privacy notice for this product at https://www.alphabet.com/de-de/datenschutzrechtlicher-hinweis.
We have integrated components of YouTube on our website. YouTube is an online video platform that allows video publishers to post video clips and other users to view, rate, and comment on these videos for free. YouTube allows the publication of all types of videos, which means that not only full-length movies and TV shows but also music videos, trailers, or user-generated videos can be accessed through the internet platform.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043–1351, USA.
With every visit to one of the individual pages on this website, operated by the data controller, where a YouTube component (YouTube video) has been integrated, the internet browser on the affected person’s device is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical procedure, YouTube and Google become aware of which specific page on our website the affected person is visiting.
If the affected person is simultaneously logged into YouTube, YouTube will recognize which specific page on our website the affected person is visiting when they access a page containing a YouTube video. This information is collected by YouTube and Google and is assigned to the respective YouTube account of the affected person.
YouTube and Google receive information that the affected person has visited our website whenever the affected person is logged into YouTube at the time of accessing our website, regardless of whether the affected person clicks on a YouTube video or not. If the affected person does not wish for such information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.
The privacy policy published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provides information on the collection, processing, and use of personal data by YouTube and Google.
To manage our customer and prospect data, we use the CRM system of the provider HubSpot, Inc. (25 First Street, Cambridge, MA 02141 USA).
A CRM system, or Customer Relationship Management system, as the name suggests, is a system that allows us to manage the relationship and interaction with our (potential) customers. In this system, contact details, offers, agreements, and the planning of further communication are stored. During the first contact with us, we store your contact information and any information obtained from that conversation in HubSpot. If the contact between us and you is continued, we also store all information that we need for a potential collaboration with you. This allows us to always track what agreements we have made, when our last contact with you was, and which of our offers you are interested in. Given the volume of our customers and inquiries, this approach is necessary. However, only employees who are responsible for handling or implementing your inquiries or fulfilling contracts with you have access to your data.
The legal basis for storing data in our CRM system is Article 6(1)(b) GDPR (performance of a contract or taking pre-contractual steps) in conjunction with Article 6(1)© GDPR (compliance with legal obligations).
In summary, the following data may be collected, stored, and processed by HubSpot:
Contact details (company, name, email, phone number, contact person, department)
Offer contents
Inquiries and correspondence
Since HubSpot is a U.S.-based company and some of HubSpot’s data centers are located outside the EU, it may occur that the data you provide (or parts of it) will be stored outside the EU. We have a contract with HubSpot that incorporates the so-called EU Standard Contractual Clauses, making the data transfer to HubSpot legally permissible. The aforementioned personal data will be kept as long as necessary for the purpose of processing. The data will be deleted once they are no longer needed to achieve the purpose or if you request deletion. The right to delete your data may be suspended if we need the data due to a legal obligation or other overriding legitimate interest (e.g., for defense of legal claims). You can find information about data protection at HubSpot here: https://legal.hubspot.com/de/privacy-policy.
If we communicate with you via email, the necessary data for that purpose must of course also be processed in our email program. Additionally, our email program is integrated with HubSpot, so all contact data stored in HubSpot can also be accessed through our email software.
The legal basis for the processing of data with our email program are:
Article 6(1)(b) GDPR, insofar as the email correspondence takes place for the initiation, execution, or termination of a contractual relationship.
Article 6(1)(a) GDPR, when sending newsletters or requested advertising from you.
Article 6(1)(f) GDPR, when sending email advertising, for example, in connection with a previous purchase or contract with the data subject.
We use Zoom to conduct conference calls, online meetings, video conferences, and/or webinars (hereinafter: “Online Meetings”). Zoom is a service provided by Zoom Video Communications, Inc., which is based in the USA. Various types of data are processed when using Zoom. The scope of the data also depends on what information you provide before or during participation in an “Online Meeting.” The following personal data are subject to processing:
User Information
First name, last name, phone number (optional), email address, password (if “Single Sign-On” is not used), profile picture (optional), department (optional)
Meeting Metadata
Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional)
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialling in by telephone
Information on the incoming and outgoing call number, country name, start, and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio, and video data
You may have the option of using the chat, question, or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.
To take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
If we want to record “online meetings”, we will inform you transparently in advance and — if necessary, ask for your consent. The fact of the recording will also be displayed in the Zoom app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.
If you are registered as a user at Zoom, reports on “online meetings” (meeting metadata, telephone dialling data, questions and answers in webinars, survey function in webinars) can be stored at Zoom for up to one month.
Personal data that is processed in connection with participation in “online meetings” is generally not passed on to third parties unless it is intended to be passed on. Please note that content from “online meetings”, as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients
The provider of Zoom necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Zoom.
Zoom is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with the provider of Zoom that meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured Zoom in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.
Legal basis of the processing
Insofar as personal data of employees of Sellerate UG & Co. KG, § 26 BDSG is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation, or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective organization of “online meetings”.
Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective organization of “online meetings”.
In order to offer our visitors the opportunity to book appointments with our consultants quickly and easily, we use “Calendly” from “Calendly LLC”. Calendly is a cloud application that offers the planning of meetings as a service. By linking to the consultants’ calendars, visitors can easily select and book a free appointment. In order for the booking to be confirmed and kept free for the user, the user’s name and email address are transmitted to Calendly and forwarded from there to the consultants’ calendars. You can find out more about data protection at Calendly here https://help.calendly.com/hc/de/articles/360007295834-Datenspeicherung-und-Datenschutz.
The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to simplify scheduling and organization for our consultants and our visitors.
We use the integration service provider n8n.io. N8n is a service provided by n8n GmbH, Borsigstr. 27, 10115 Berlin. For more information about n8n and how it works, please visit https://n8n.io.
We use n8n to link various services and applications with each other and to create automated processes. N8n processes data that you enter via our website. This can be, for example, your name, your e‑mail address or other information that you provide to us.
Data processing by n8n takes place on our own servers or on the servers of third-party providers with whom we work.
We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
As part of our business operations, we use Google Workspace for e‑mail communication, file storage and video conferencing, among other things. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
All data that you provide to us in the context of contacting us or in the context of a video conference, as well as your e‑mail and IP address and other data required for sending and receiving e‑mails, are stored on Google’s servers in the European Economic Area.
The legal basis for this data processing is the fulfillment of a contract or the performance of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR, or our legitimate interest in the smooth internal processing of our business operations in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
Google confirms that Google Workspace can be used in compliance with the GDPR. In the contracts, Google undertakes to comply with the GDPR with regard to the processing of customers’ personal data in all Google Cloud Platform and Google Workspace services. It should be noted that if other services such as YouTube are accessed via Google Workspace, Google’s general terms of use and data protection provisions apply again. Google also processes your data in the USA, among other places. It can therefore not be completely ruled out that personal data will be transferred to the USA or that US security authorities will gain access to it.
Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Google uses so-called standard contractual clauses in accordance with Art. 46 (2) and (3) GDPR. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.
For this purpose, we have concluded an order processing agreement with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, incorporating the current standard contractual clauses of the EU Commission (EU SCC). The processing of personal data exclusively within the EU has been contractually agreed.
Information on the IT security of Google Workspace can be found at https://workspace.google.com/intl/de/security/ for further details.
If we disclose data to other persons and companies (processors, joint controllers or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary to fulfil a contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose, transfer or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis corresponding to the legal requirements.
If we process data in a third country (i.e., outside the European Union (EU) and the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is done exclusively in accordance with the statutory provisions.
Subject to express consent or transfer required by contract or law, we only process data in third countries with a recognized level of data protection. This is done on the basis of contractual obligations through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e‑mail or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests on our part stand in the way of deletion. An other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
You have the right:
(1) to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
(2) in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
(3) to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise, or defense of legal claims;
(4) in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it, and we no longer need the data, but you need it for the assertion, exercise, or defense of legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
(5) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
(6) in accordance with Art. 7 para. 3 GDPR to withdraw your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and,
(7) to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at the registered office of our law firm.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures that use technical specifications.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for the conclusion or fulfillment of a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
As a responsible company, we do not use automated decision-making or profiling.
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This privacy policy is currently valid and is dated 30 August 2024.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can access and print out the current privacy policy at any time at this address.
Berlin office
Bleibtreustrasse 38/39
10623 Berlin
info@start-bereit.com
+49 30 41734256
ready to start © 2025 SB Startbereit GmbH. All rights reserved.